matt.bionicmessage.net feed: Completely random
http://matt.bionicmessage.net/
Updated: 2013-01-04T14:57:15Z
Author: Mathew McBride (matt@bionicmessage.net)

Gigabyte 990FXA-UD3 with ESXi 5.5 and IOMMU (2014-06-27)

I have been able to set up an ESXi environment with the
990FXA-UD3 rev 4.0 motherboard.
This motherboard is rather nice as it has four PCI Express x16 slots (two x16 speed, two x4), as well as two
1x and one conventional PCI. The downside is this board is a little pricey (around $180AUD), compared to the 3 slot ASRock 970-Extreme4 that retails for around $115AUD.

VMDirectPath (PCI Express passthrough) works when IOMMU has been enabled in the BIOS (which it isn't by default),
and I have successfully passed through the following cards with it:

The Intel Quad card cannot be enabled for passthrough by default, as its PCI-Express switch
does not implement the required security extension (ACS). This check can be disabled in the ESXi advanced settings
(see this page for an example).
Once that is done, individual 'ports' on the card can be passed through (but enabling passthrough for one of a two port group requires the other port to be passed as well).
I have a PERC 6i and two ports of the Intel card passed through to two separate VMs each.

ESXi then reserves a large amount of RAM for itself (System Reserved), it won't let me lower this down past 2GB, along with the above, leaving me with 12GB available for VMs (out of 16GB) :(

I have a low end Gigabyte 5450 installed as the video card (in the first x16 slot), but haven't tried to pass through that yet (will when I get my hands on a PCI video card)

And just a reminder, ESXi 5.5 removed (the unofficial) support for the Realtek 8111E, which appears as the onboard NIC on far too many motherboards, this one included. It can be slipstreamed
in the ISO image used to install ESXi (see here for example).

Popular Geoblock evasion systems currently consist of browser plugins, or require modifications to DNS or other settings inside the end user's network. The effect of these methods is either to restrict the applications that may be used to view Geoblock'ed content, or interfere with other internet applications – for example, by using a 'foreign' DNS server, content delivered from CDNs may come from a non-optimal source for that user.

With some creative routing table manipulation, control traffic for certain applications can be routed into a VPN tunnel, while general internet traffic and video traffic for the geoblocked applications can travel over the regular internet without any VPN performance loss.

For devices that we want to think are always in 'MURICA, a dedicated VLAN is used that drops all traffic from it to the VPN. Similar to the non-VLAN case, video traffic for geoblocked applications can be routed over the default internet route to avoid performance loss from VPN tunnels.


Show and tell: Networked LPC1768 platform (2013-05-19)

For the past 18 months I've been playing with the NXP LPC1768 - a 32-bit ARM Cortex-M3 CPU. I started with the mbed and then the LPCXpresso and now my own board.

The driver throughout has been to produce a network-connected display - potential uses include a control panel for home automation, NFC access control or payments and more

Running BitTorrent Sync on your (rooted) Android device (2013-04-27)

BitTorrent, Inc came out with the beta of Sync - a peer to peer file sync tool this week. It came at the right time for me as I was looking for something to sync files across multiple machines, both across LAN and the internet, while using my own infrastructure.

The only issue I have with it is that there is no Android client yet. And I really want one - I use my Android tablet to write notes/annotate lecture slides and I want to ensure these are available on both my PCs and on my server.

Thankfully, while we wait for Sync to come to Android, there is a way to run Sync on your Android device right now, thanks to the fact that the BitTorrent folks have been awesome and released binaries for Linux on multiple architectures (including ARM, which is what 99% of the Android install base is running).


HOWTO: Read only rootfs, writes to USB on Linux (2013-03-26)

What you will need:

The goal of this exercise is to create a Linux system that has a read-only root filesystem, with all write activities performed on a USB drive. In this instance, we will boot a Raspberry Pi, with the SDcard used as the read only rootfs, and a USB drive used for all file writes (system logs etc.). This is done to improve reliability, as during our access system project, we found that the SDcard can be a bit fragile if the system is reset often.


Frequently asked questions about NFC and myki cards (2013-02-17)

Back in 2010, when I was first experimenting with NFC, I uploaded a file with information from a myki card to my website. According to the logs, it is one of (if not, the) most viewed pages on my site every month(!). More recently, after UltraReset appeared and some were asking if myki was vulnerable to it, I pulled out my NFC reader one lunchtime and found the answer (hint: nope!).

(The above article was mentioned on ZDnet, together with a response from the contractor of the myki system (KAMCO). I actually didn't notice it until someone reposted the link a few months later!)

These days one can find similar information about any NFC card with an NFC smartphone and a suitable app - such as TagInfo by NXP. (Who are usually tight lipped about providing any useful technical information about their NFC products without an NDA)

The myki card

myki cards are powered by MIFARE DESFire series ICs - that contain an embedded 8051-type microcontroller, an embedded 3DES encryption engine and an operating system that allows one to maintain a filesystem on the card as well as handling authentication.


Escaping (CG)NAT hell: tunnel your way out (2013-02-02)

Recently my ADSL connection was down for a few days as some idiot had put a shovel or backhoe into a set of phone lines serving the area (no ADSL). To make matters worse, this happened while we were collecting a relative from the airport. The ability to communicate with relatives either by phone or applications like Skype is important, not to mention I need internet access just to entertain myself, so I set about finding a solution.


Installing Windows on an (older) Mac without DVD drive with Parallels (2013-01-12)

My Macbook Pro (mid 2010) model does not have a DVD drive - I removed the inbuilt DVD drive and moved the supplied HDD to the optical drive (with an OptiBay) when I installed my SSD. This causes problems installing Windows as the EFI version on this machine will not boot a Windows install DVD from an external DVD drive.

One method to get around this is to install Windows on a virtual machine first and then clone the image onto the bootcamp drive using Winclone

Hugues Valentin has an article describing the method using VirtualBox. I already use Parallels and would rather not install VirtualBox for a single purpose.

You will need the qemu-img command from QEMU to continue, you can get it from MacPorts.

To install Windows, proceed with the instructions in the article above. Ensure you only create a VM with the lowest size practicable (i.e 20GB rather than the default 60GB) as we'll need to copy it later

Once Windows is installed, open up Terminal and change to the directory holding the Parallels disk image. Use qemu-img to convert the Parallels disk to a raw image, like so:

You can then mount the Windows image as a regular disk drive ("open win8.img") and then use WinClone to clone it to your bootcamp drive.

IGMP multicast with Dell PowerConnect 2808 (2013-01-12)

I'm playing around with a Dell PowerConnect 2808 switch before deploying it for a production use. One thing I tested was multicast and IGMP snooping support.

After configuring IGMP snooping as per the manual, I found each port continued to receive the multicast streams after the clients left the stream.

It appears that, to get IGMP joins and leaves working as expected, one needs to define a multicast bridge group for that multicast IP first.

I am pleased to announce a port of the FNET network stack to the NXP LPC176x (ARM Cortex-M3) microcontrollers (mbed and LPCXpresso boards). This brings an excellent networking stack with not only IPv4 and IPv6 capabilities, but also fully open source under the GPL and LGPLv3 with a linking exemption allowing use in closed-source projects